Re: Using ldap authentication/authorization

Adi Linden Thu, 13 Jun 2002 12:23:09 -0700

Oops, answered my own question. I was working with freeradius-0.5.

> > DEFAULT     Ldap-Group == "admins"


This works just fine using a cvs checkout.

Adi

On Thu, 13 Jun 2002, Adi Linden wrote:

> > You can create normal groups in your ldap tree. Then you can do group searches
> > like this in your users file:
> > 
> > DEFAULT     Ldap-Group == "admins"
> 
> Done that, I get the following error when running "radiusd -s -xxx":
> 
>     Module: Loaded files 
>      files: usersfile = "/usr/local/etc/raddb/users"
>      files: acctusersfile = "/usr/local/etc/raddb/acct_users"
>      files: compat = "no"
>     /usr/local/etc/raddb/users[178]: Parse error (check) for entry DEFAULT: 
>     Unknown attribute Ldap-Group
>     Errors reading /usr/local/etc/raddb/users
>     radiusd.conf[672]: files: Module instantiation failed. 
> 
> If I do this in the users file it never gets checked against the ldap 
> attribute... Looking at the source, "ldap_groupcmp" should do the group 
> checking and the "rlm_ldap: Entering ldap_groupcmp()" statement should 
> appear when it hits the "Group" or "Ldap-Group".
> 
> DEFAULT       Group == "admins"
> 
> Thanks,
> Adi
> 
> 
> 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using ldap authentication/authorization

Reply via email to